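/**
 * on-delete-callback for album records.
 *
 * Deletes the album given by the "id" request parameter together with its
 * child albums. For every album the current backend user may delete (admin,
 * owner, or edit protection switched off via
 * $GLOBALS['TL_CONFIG']['gc_disable_backend_edit_protection']) this removes:
 *  - all picture records of the album,
 *  - each file that is no longer referenced by any picture record,
 *  - the directory assigned to the album, but only if it is empty,
 *  - the album record itself.
 * Albums the user may not delete are kept and moved to the top level (pid = 0).
 *
 * With act=deleteAll nothing is deleted; the method only redirects back to the
 * gallery_creator module.
 */
public function ondeleteCb()
{
    if (Input::get('act') != 'deleteAll') {
        $albumId = Input::get('id');

        // NOTE(review): checkUserRole() is defined outside this block; presumably it sets
        // $this->restrictedUser for the given album - confirm.
        $this->checkUserRole($albumId);
        if ($this->restrictedUser) {
            $this->log('Datensatz mit ID ' . $albumId . ' wurde von einem nicht authorisierten Benutzer versucht aus tl_gallery_creator_albums zu loeschen.', __METHOD__, TL_ERROR);
            // NOTE(review): the deletion below is only skipped if redirect() ends the request - confirm it does.
            $this->redirect('contao/main.php?do=error');
        }

        // The requested album first, followed by its child albums.
        $arrDeletedAlbums = array_merge(array($albumId), GalleryCreatorAlbumsModel::getChildAlbums($albumId));

        foreach ($arrDeletedAlbums as $idDelAlbum) {
            $objAlbumModel = GalleryCreatorAlbumsModel::findByPk($idDelAlbum);
            if ($objAlbumModel === null) {
                continue;
            }

            // Per-album authorization. The owner has to be read from $objAlbumModel, the album
            // loaded for this iteration; any other variable makes the ownership test meaningless.
            $blnMayDelete = $this->User->isAdmin
                || $objAlbumModel->owner == $this->User->id
                || true === $GLOBALS['TL_CONFIG']['gc_disable_backend_edit_protection'];

            if (!$blnMayDelete) {
                // Do not delete child albums the user does not own; detach them to the top level instead.
                $this->Database->prepare('UPDATE tl_gallery_creator_albums SET pid=? WHERE id=?')->execute('0', $idDelAlbum);
                continue;
            }

            // Remove all pictures of this album from tl_gallery_creator_pictures.
            $objPicturesModel = GalleryCreatorPicturesModel::findByPid($idDelAlbum);
            if ($objPicturesModel !== null) {
                while ($objPicturesModel->next()) {
                    $fileUuid = $objPicturesModel->uuid;
                    $objPicturesModel->delete();

                    // Keep the file while another picture record still points to the same uuid.
                    if (GalleryCreatorPicturesModel::findByUuid($fileUuid) !== null) {
                        continue;
                    }

                    // NOTE(review): the file is deleted wherever it is stored; there is no check that
                    // its path lies inside the album's assigned directory - confirm this is intended.
                    $oFile = FilesModel::findByUuid($fileUuid);
                    if ($oFile !== null) {
                        $file = new File($oFile->path);
                        $file->delete();
                    }
                }
            }

            // Remove the album directory from the filesystem, but only when nothing is left in it.
            $oFolder = FilesModel::findByUuid($objAlbumModel->assignedDir);
            if ($oFolder !== null) {
                $folder = new Folder($oFolder->path, true);
                if ($folder->isEmpty()) {
                    $folder->delete();
                }
            }

            // Remove the album from tl_gallery_creator_albums.
            $objAlbumModel->delete();
        }
    }

    $this->redirect('contao/main.php?do=gallery_creator');
}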
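/**
 * ondelete-callback for picture records.
 * Prevents unauthorised users from deleting images.
 *
 * The picture may be deleted by its owner, by an admin, or by anyone when
 * $GLOBALS['TL_CONFIG']['gc_disable_backend_edit_protection'] is set. Every
 * other user gets a log entry, an error message and a redirect to the error page.
 *
 * After the record is deleted, the file itself is removed from the filesystem
 * only if no other picture record references the same uuid AND the file lies
 * inside the directory assigned to the picture's album.
 *
 * @param \Contao\DC_Table $dc Data container; $dc->id is the id of the picture record.
 */
public function ondeleteCb(\Contao\DC_Table $dc)
{
    $objImg = GalleryCreatorPicturesModel::findByPk($dc->id);
    if ($objImg === null) {
        // No such picture record: there is no owner to check and nothing to delete.
        return;
    }

    $blnMayDelete = $objImg->owner == $this->User->id
        || $this->User->isAdmin
        || $GLOBALS['TL_CONFIG']['gc_disable_backend_edit_protection'];

    if (!$blnMayDelete) {
        // Denial is the default path: whoever is not explicitly allowed above ends up here.
        $this->log('Datensatz mit ID ' . $dc->id . ' wurde vom Benutzer mit ID ' . $this->User->id . ' versucht aus tl_gallery_creator_pictures zu loeschen.', __METHOD__, TL_ERROR);
        Message::addError('No permission to delete picture with ID ' . $dc->id . '.');
        // NOTE(review): the record is only protected if redirect() ends the request before the
        // data container goes on to delete it - confirm.
        $this->redirect('contao/main.php?do=error');

        return;
    }

    // Remember what is needed after the record is gone, then delete the record.
    $pid = $objImg->pid;
    $uuid = $objImg->uuid;
    $objImg->delete();

    // Files are removed from the server only when no other picture record still uses them.
    if (GalleryCreatorPicturesModel::findByUuid($uuid) !== null) {
        return;
    }

    $oFile = FilesModel::findByUuid($uuid);
    $objAlbum = GalleryCreatorAlbumsModel::findByPk($pid);
    $oFolder = ($objAlbum !== null) ? FilesModel::findByUuid($objAlbum->assignedDir) : null;

    // Without a known album directory the containment check cannot be made, so the file is kept.
    // An empty or missing folder path must never count as "contains the file".
    if ($oFile === null || $oFolder === null || (string) $oFolder->path === '') {
        return;
    }

    // Delete the file only if its path starts with the album directory followed by a separator.
    // A plain substring match would also accept sibling directories that share the same prefix
    // and paths that merely contain the directory name somewhere in the middle.
    // NOTE(review): assumes tl_files paths use '/' as separator - confirm.
    $strAlbumDir = rtrim($oFolder->path, '/') . '/';
    if (strncmp($oFile->path, $strAlbumDir, strlen($strAlbumDir)) === 0) {
        // delete file from filesystem
        $file = new File($oFile->path, true);
        $file->delete();
    }
}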